crack_check()
(PECL crack >= 0.1)
用给定的密码来进行破解测试
说明
crack_check(resource $dictionary,string $password): bool
crack_check(string $password,string $username= "",string $gecos= "",resource $dictionary= NULL
): bool
使用特定字典中给定的密码来进行密码强度检测。可供选择的特征(The alternative signature)还考虑用户名和GECOS信息。
Warning此函数是实验性的。此函数的表象,包括名称及其相关文档都可能在未来的PHP 发布版本中未通知就被修改。使用本函数风险自担。
参数
- $dictionary
破解库所使用的字典,如果没有指定,则使用最后一次打开的字典。
- $password
需要检查的密码。
- $username
用于密码检测的这个账户的用户名。
- $gecos
用户账户的 GECOS 信息。
返回值
返回TRUE
如果$password足够安全,或者返回FALSE
表示可能需要进一步的操作.
更新日志
版本 | 说明 |
---|---|
0.3 | $username、$gecos和$dictionary字段被添加到了可供选择的特征(alternative signature)中。 |
In addition to the usual checks crack can also check for similarities between the password and a username and gecos field (the gecos field normally contains the person's full name on unix systems). There is a third format for the function call which supplies these additional parameters: bool crack_check (string $password, string $username, string $gecos, resource $dictionary) This is true of PECL crack version 0.4, I'm not sure about earlier versions.
If you need to test a password with cracklib but don't have the necessary module available in PHP, you can use a function like this. It requires the command line cracklib-check binary in /usr/sbin, but changing its location is trivial. The $message variable will contain cracklib's complaint (if there is one) You'll want to wrap your invocation of this function in a try...catch block. <?php function cracklibCheck($password, &$message) { // Clean up password $password=str_replace("\r", "", $password); $password=str_replace("\n", "", $password); // Run password through cracklib-check exec("echo ".escapeshellarg($password)." | /usr/sbin/cracklib-check 2>/dev/null", $output, $return_var); // Check it ran properly if($return_var==0) { if(preg_match("/^.*\: ([^:]+)$/", $output[0], $matches)) { // Check response if(strtoupper($matches[1])=="OK") { // Password is strong $message=""; return(true); } else { // Cracklib doesn't like it $message=$matches[1]; return(false); } } else { // Badly formatted response from cracklib-check. throw new Exception("Didn't understand cracklib-check response."); } } else { // Some sort of execution error throw new Exception("Failed to run cracklib-check."); } } ?>